How can I make an easy to remember secure password?

Creativity and fun help you make a strong password that you can more easily remember.
Before committing to a password, make sure it's one that isn't too hard to type!

Use a pass phrase instead of just a pass word

A passphrase is the best password available. Its length makes it very hard to guess
when coupled with capitalization, numbers & symbols. In addition, it may be easier
for touch typists to enter a passphrase rather than a password.

One method for creating a passphrase:

Choose a phrase you can remember, but not one you say or write frequently, and not
the ones in this example, for instance:

All for one, and one for all!

Buy low, sell high.

Add or change characters so that it's not a verbatim proverb (and add capitalization,
numbers and/or special characters):

all for One - One for all

Buy low & sell 2 high.

Use a memorable sentence or a group of words to create a cryptic password

If you prefer a password, here are two easy methods to create a strong one.

Sentence method for creating a password:

Choose a phrase, quote, proverb or cliche other than the one in this example, for
instance:

So long, and thanks for all the fish.

Take the first letters of each word in the phrase:

slatfatf

Add capitalization, numbers and/or special characters:

slatfatF\3

Word group method for creating a password:

Choose two or three memorable words other than the ones in this example, for instance:

Keep your password secure

Do not use your University passwords, or anything like them, on other systems.

Do not share your password with anyone, including supervisors, co-workers or friends.

Change your password immediately if you suspect it has been compromised or disclosed.

Storing your password(s)

It is best to memorize your password, but you may write your password down while you're
learning it. This may seem counter to security, but it is sound security advice and this is the way to do it:

Lock it away in a desk or file where you have the key.

Do not label it or otherwise indicate it is your password.

Destroy it when you no longer need it.

Password Managers

If you have many different passwords to remember, consider a password manager that uses real encryption. A password manager is software that stores all your passwords
under a single password. The Information Security Office has evaluated several free
products that use proper encryption; these are recommended, but not supported, by Pepperdine
IT.

What makes a password strong?

Not all passwords that meet our technical requirements are strong!

Generally speaking, you can consider that if a word is in the dictionary, it's in
the hacker's toolbox as well. You can also assume that anyone targeting you will use
any publicly available information about you, be it words, names or numbers, to hack
your password. Have a look at the 50 Most Common Passwords discovered during an Internet compromise in 2011. Never use these passwords, because
hackers and opportunists will try them first!

DON'T use common passwords and password components

Avoid passwords based on well-known passwords, or similar passwords. These examples have been found on dozens to thousands of accounts
at Pepperdine - don't use anything like them!

Waves123

Password!

Autumn09, Spring2012 and similar

DO use a long password with special characters

Use a long password. When it comes to strong passwords, longer is better. Therefore, a passphrase is generally
stronger than a password. Even adding a few characters makes a big difference. A twelve
character password is potentially 30 million times stronger than an 8 character one.

Use special characters in your password. Many passwords have upper and lower case letters and numbers. That's good! Adding
special characters makes a larger 'password alphabet' and makes your password even
stronger. The term 'special characters' as used by IT includes the following:

! @ # $ % & ^ ~ _ * - = + ` ' " , . ; : ? | / \ ( ) [ ] { } < > space

Technical requirements for a strong password

Information Technology has put in place some technical controls to enforce strong
password basics. Network ID passwords have different requirements than PGP system
passwords.

Passwords for your Network ID

The University requires every holder of a Network ID to compose a unique network password
for that ID according to standards set by Information Technology (see Computer and Network Responsible Use Policy). The current IT standards for password composition (August 2009) are that every
password meet the following complexity criteria as to length, characters and source.

Length - A password must have a minimum of eight characters

Characters - A password must contain three out of the following four types of characters:

Complexity: Meets the PGP calculated complexity of 60% or more. (The PGP software will calculate this complexity percentage for you and give real-time
feedback as you type.)

Composition: Must not resemble or be based on your Network ID password.
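
The point made above, that a password can meet the Network ID composition rules and still be weak, shown as an added example (not code from Pepperdine IT). It assumes the four character types are uppercase, lowercase, digits and the special characters listed on this page; the function names and the small denylists, built from the weak examples named above, are hypothetical.

```python
import re

# Special characters as listed on the page, plus the space character.
SPECIAL = set("!@#$%&^~_*-=+`'\",.;:?|/\\()[]{}<> ")
# Constructed denylists, seeded only from the weak examples named on the page.
COMMON_WORDS = {"waves", "password"}
SEASONS = {"autumn", "spring", "summer", "winter", "fall"}  # "and similar"


def char_classes(pw):
    """Return which of the four ASSUMED character types appear in pw."""
    found = set()
    for ch in pw:
        if ch.isupper():
            found.add("upper")
        elif ch.islower():
            found.add("lower")
        elif ch.isdigit():
            found.add("digit")
        elif ch in SPECIAL:
            found.add("special")
    return found


def meets_policy(pw):
    """Network ID composition rule: 8+ characters and 3 of the 4 types."""
    return len(pw) >= 8 and len(char_classes(pw)) >= 3


def weak_pattern(pw):
    """Return a reason if pw is a known word or season plus decoration, else None."""
    m = re.fullmatch(r"([A-Za-z]+)([^A-Za-z]*)", pw)
    if not m:
        return None
    base, suffix = m.group(1).lower(), m.group(2)
    if base in COMMON_WORDS:
        return "common word with a suffix"
    if base in SEASONS and re.fullmatch(r"\d{2}|\d{4}", suffix):
        return "season plus year"
    return None


def assess(pw):
    """Return (meets_policy, weakness_reason) for one candidate password."""
    return meets_policy(pw), weak_pattern(pw)


if __name__ == "__main__":
    for candidate in ["Waves123", "Password!", "Autumn09", "Spring2012", "slatfatF\\3"]:
        print(candidate, assess(candidate))
```
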

Expiration & Lock-out Technical Requirements

Passwords for your Network ID will automatically expire 365 days after your last password
change. A user may change his or her Network ID password at any time and does not need to wait for the automatic expiration. If a user believes
their password may have been compromised, they should immediately change their password
at myid.pepperdine.edu and notify the University's Information Security Office (310-506-4040) or the IT
Service Desk (310-506-4357).

Change or RESET Your Network ID Password

NOTE: If you have entered your password into mobile devices or email programs that
periodically log in with that password, you may be locked out of your account if you
don't disable your automatic logins before changing or resetting your password. Typical
places where this happens are smartphones and non-Outlook desktop email programs running
in IMAP or POP mode.

Click the check box to receive a text message with your PIN code and then click Request
PIN.

A PIN will be sent to your mobile phone or alternate email address.

Enter that PIN in the Validate PIN box.

The system will prompt you to enter a new password and you will be done.

Use the network ID portal securely

The Network ID portal allows you to set up secondary identifiers used to change your
password, in case you forget it. Follow these guidelines in managing your Network
ID profile.

When using mobile numbers as a secondary identifier:

If you lose your phone, access the Network ID portal immediately and change to email
or secret questions for your secondary identifier. Be careful when loaning your phone
to others to make quick calls. Do not use this method if you give your phone to others
to use outside your supervision.

When using external email as a secondary identifier:

Remember that you are not to use your Pepperdine Network ID password on external accounts,
so choose a different password for your external email account, but make it strong,
too.

If you lose access to your external email account or it is broken into, access the
Network ID portal immediately and change to mobile number or secret questions for
your secondary identifier.

Do not use this method if you share your external email account with others or if
you leave your external email account logged in unattended.

When using secret questions as a secondary identifier:

Choose the questions that you know the answers to, but that few others may know. Consider
making up one or more answers, if you can remember them.

Why is there a PIN requirement for mobiles?

Faculty and staff are required to set a 15 minute timeout and password on any electronic
device used to access confidential University information. This includes setting a
timeout and PIN on mobile devices with access to University email. It is better security
if you set a password or passphrase on the mobile.

By University policy, access to confidential information, such as email or student/business
records, must be secured by passwords that meet current IT standards. The current
IT standard for mobiles is a PIN (4 digit numeric code). A person with physical access
to your phone can decrypt PIN protected contents in minutes; therefore a password
or passphrase is much better security. However, a PIN is designed to hinder someone
who is casually accessing a lost/stolen phone from browsing the information on it.

Have a look at the top 10 phone PINs. Never use these PINs, because hackers and opportunists will try them first.

Four digit PINs are possible to guess by hand and certain to be guessed by a machine.